5 results (0.011 seconds)

CVSS: 9.3EPSS: 14%CPEs: 10EXPL: 0

Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability." Microsoft Windows Media Player 10 hasta 12 permite a atacantes remotos ejecutar código a través de un DataObject manipulado en un sitio web, también conocido como 'vulnerabilidad de DataObject a través de RCE Windows Media Player.' • http://www.securitytracker.com/id/1032522 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-057 https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1200 • CWE-17: DEPRECATED: Code •

CVSS: 9.3EPSS: 86%CPEs: 5EXPL: 0

The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows Media Format Runtime 9 and 9.5, and wmvdecod.dll in Windows Media Format Runtime 11 and Windows Media Player 11 and 12 allows remote attackers to execute arbitrary code via a crafted media file, aka "WMV Video Decoder Remote Code Execution Vulnerability." El códec de vídeo Microsoft WMV en wmv9vcm.dll, wmvdmod.dll en Windows Media Format Runtime v9 y v9.5, y wmvdecod.dll en Windows Media Format Runtime 11 y Windows Media Player v11 y v12 permite a atacantes remotos a ejecutar código a través de ficheros multimedia manipulados, tambíen conocido como "WMV Video Decoder Remote Code Execution Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the ASF Header Object where the initial value of a for loop is not properly sanitized. An integer underflow can occur resulting in a buffer overflow. • http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16998 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 94%CPEs: 28EXPL: 1

Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability." Microsoft Windows Media Player (WMP) v9 hasta v12 no asigna adecuadamente ojetos durante la acción de recarga de buscador, lo que permite a atacantes asistidos por usuarios remotos ejecutar código de su elección a través de contenido desferenciado media manipulado en un documento HTML, también conocido como "Vulnerabilidad de corrupción de memoria Windows Media Player". • https://www.exploit-db.com/exploits/15242 http://www.securitytracker.com/id?1024550 http://www.us-cert.gov/cas/techalerts/TA10-285A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-082 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6653 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 97%CPEs: 3EXPL: 2

Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Microsoft Windows Media Player 11 no convierte correctamente el colorspace, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de un archivo .AVI manipulado. NOTA: la procedencia de esta información es desconocida, los detalles son obtenidos exclusivamente de la información de terceros. • https://www.exploit-db.com/exploits/33770 http://www.securityfocus.com/bid/38790 https://exchange.xforce.ibmcloud.com/vulnerabilities/57205 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. Desbordamiento de búfer en Microsoft Windows Media Player 9 y v11.0.5721.5145, permite a atacantes remotos provocar una denegación de servicio (división entre 0 y caída de aplicación) a través de un fichero .mpg manipulado. • https://www.exploit-db.com/exploits/11531 http://www.exploit-db.com/exploits/11531 https://exchange.xforce.ibmcloud.com/vulnerabilities/56435 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •